How to access my RWW or access my server using RDP/MSTSC from outside the office when port 443 is already in use

I have a Windows 2012 R2 Domain controller (VM) & Exchange 2013 with all the roles on another Windows 2012 R2 (VM)

Both of these virtual machines are hosted on a single physical IBM machine running Windows 2012 R2.

I have forwarded port 443 using my router to Exchange 2013 private IP 192.168.5.5 (web access to exchange OWA)

Now I want to access Remote Work Space (RWW) that is enabled on the Domain Controller

I have found that it is also using port 443.

My router supports single wan connection. Cisco RV120W
(http://www.cisco.com/c/en/us/products/routers/rv120w-wireless-n-vpn-firewall/index.html)

So I can only use a single IP address (though my ISP has allotted 5 public static IPs)

How to access my RWW or access my server using RDP/MSTSC from outside the office.
Akash BansalIT ProfessionalAsked:

Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
1. Create a VPN. That gives unlimited access to the LAN resources, as you can use the internal IPs and ports. Probably not what you want to do for now.

2. Use a different public port, and map that to the real IP and port.

3. Create a virtual web root on the Exchange IIS with redirection to the real server (no clue how to do that, though).
0
Akash BansalIT ProfessionalAuthor Commented:
Thanks for the suggestion.
Sorry, I missed mentioning that I don't want to set up or connect through VPN.
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
There are still 2 other suggestions ...
0
Akash BansalIT ProfessionalAuthor Commented:
I am trying option number 2.

Port Forwarding Rule Table
Action        Service  Status   Source IP  Destination IP  Internal Port
Always Allow  rww      Enabled  Any        192.168.5.2     443
Always Allow  mail     Enabled  Any        192.168.5.5     443

Custom Service Table
Name  Type  ICMP Type / Port Range / Protocol Number
mail  TCP   443 - 443
rww   TCP   444 - 444

From outside the network I am trying:

https://mail.mydomain.com    (this is landing at exchange owa & working fine)

https://rww.mydomain.com:444 (this is not working)
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Can you try (just for test) to redirect 443 to RWW for a short time? Just seeing if the HTTPS port is all you need, or you have to redirect 987 too.
0
Akash BansalIT ProfessionalAuthor Commented:
I guess I had to reboot the router after configuring the 444 redirection.
I have rebooted the router now.
I guess I am able to hit the rww server after rebooting the router; getting certification revoked error.
I need to buy a new certificate. Once I fix the certification issue, I would get back to you.
Thanks for the valuable suggestions. :)
0
Cliff GaliherCommented:
RWW requires 443. You can't change that, unfortunately.
Similarly, there are several exchange services that require that the port be 443.

Your realistic choices are to replace the router (that's what I'd recommend) with one that supports all five IP addresses from your ISP.

Or.

Set up a reverse proxy behind your existing router and have it proxy traffic based on requested URL. Setting up a reverse proxy is not trivial, and requires ongoing patching and maintenance.
0
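
One way to build the reverse proxy described in the comment above, routing on the TLS SNI hostname rather than the full URL so that port 443 on the single public IP reaches both servers (an added example, not part of the original thread or any participant's configuration). It assumes a separate Linux host running nginx with the stream and ssl_preread modules, to which the router forwards port 443; the hostnames and internal IPs are the ones posted in the thread.

```nginx
# Added example, not from the thread.
# Place at the top level of nginx.conf (outside any http {} block).
# Assumption: nginx is built with the stream and stream_ssl_preread modules,
# and the router forwards WAN 443 to this proxy host instead of to Exchange.
stream {
    # Choose the backend from the SNI hostname in the TLS ClientHello.
    # TLS is not terminated here; the encrypted stream is passed through.
    map $ssl_preread_server_name $backend {
        mail.mydomain.com  192.168.5.5:443;   # Exchange 2013 (OWA)
        rww.mydomain.com   192.168.5.2:443;   # RWW on the domain controller
        # Assumption: clients that send no SNI or an unknown name go to
        # Exchange, matching the router's current port-443 forward.
        default            192.168.5.5:443;
    }

    server {
        listen 443;
        ssl_preread on;            # read the ClientHello without decrypting
        proxy_pass $backend;
        proxy_connect_timeout 5s;  # fail fast if a backend VM is down
    }
}
```

Because TLS is passed through rather than terminated, each server keeps presenting its own certificate and the proxy holds no private keys. The proxy host is still internet-facing and has to be patched and monitored like one.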
David Johnson, CD, MVPOwnerCommented:
Or set up the NAT rules:
WAN   LAN   Protocol   device
443   443   TCP        exchangeipaddress
444   443   TCP        RWWipaddress
0
Cliff GaliherCommented:
As I've mentioned, RWW does not work on another port. A user could get to RWW from the outside by manually typing in :444, but most of the features will not work. Remote desktop access, media streaming, and other features that cannot use relative links are hard-coded to 443, which, of course, will hit the exchange server instead of the RWW server, and thus fail. That is why a reverse proxy or multiple IP addresses are required in this instance.
0

Akash BansalIT ProfessionalAuthor Commented:
As per Mr. Cliff, even setting up NAT rules (suggested by Mr. David) or mapping (suggested as point 2 by Mr. Qlemo) would not work in my case.

Use of a reverse proxy would also add a new set of issues.

So, could you suggest any economical router, preferably cisco small business series or equivalent.

I have cisco RV042/ RVS4000 / RV120W & TP LINK TL-R470T+ http://www.tp-link.in/products/details/?model=TL-R470T%2B
0
Cliff GaliherCommented:
Especially for the small business, I prefer a UTM over a simple router. I think Sophos makes a great UTM for the price. SonicWall is also very popular and coming from Dell, has good support and longevity. Most SMB UTMs will do what you need. The Cisco equivalent would be the ASA series. Like most Cisco gear, the ASAs are a little pricier, but can be good if the admin knows what they are doing. The RV series is actually a Linksys which Cisco bought... then sold... and were never very good.
0
Akash BansalIT ProfessionalAuthor Commented:
Thanks Cliff, you are always helpful to me. :)

I can understand UTM like sonicwall is the right fit.

Need a $100-$200 router that just accomplishes the purpose. My clients don't have much budget.
Wish we could find some. All the clients have only 10-30 users max.
0
Cliff GaliherCommented:
The entry level UTMs are in the $200 range.
0
Akash BansalIT ProfessionalAuthor Commented:
I called up CISCO, they enabled one to one NAT, it solved the purpose & enabled me to use second public IP as well.
It worked like a charm.
0
Akash BansalIT ProfessionalAuthor Commented:
It worked on $100 CISCO RV series router.
0